ldapsearch is a very nice tool, but there is one small problem: if an attribute's value contains any special characters (anything outside the range of printable ASCII characters), the value is base64 encoded.
So for
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn
the results are:
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: U3RlZmFuIEJyw7xucw==
The following snippet helps (it needs GNU awk as awk, because the |& coprocess operator is a gawk extension):
alias un64='awk '\''BEGIN{FS=":: ";c="base64 -d"}{if(/\w+:: /) {print $2 |& c; close(c,"to"); c |& getline $2; close(c); printf("%s:: \"%s\"\n", $1, $2); next} print $0 }'\'''
Results:
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn | un64
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: "Stefan Brüns"
Warning: Of course this works for attributes with printable characters only. LDAP can contain binary data, e.g. images of the user in JPEG format.
This is cool and works if the encoded base64 is on one line only.
If there are multiple lines, it does not work!
Multiple lines appear like this:
name:: SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
 SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
 THERESTOFTHESTRINGLOWERTHAN72CHARS
(the 2nd and 3rd lines start with a space, which has to be removed in the result)
Hope you can enhance your script to support multiple lines.
The reason the 72 chars limit exists, if I recall correctly, is related to MIME and/or mail protocols.
Cheers
Many thanks! That’s the one-liner I was looking for. :)
You can pass an option "-o ldif-wrap=no" to ldapsearch to prevent line wrapping.
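A filter that handles both the folded lines raised in the comments and the binary-data warning in the post, written as an added example (it is not the author's alias). It assumes a POSIX sh with `base64 -d`, `tr` and `wc` available; the helper name `_un64_emit` is made up for this sketch, and the output keeps the post's `attr:: "value"` format.

```shell
#!/bin/sh
# un64: LDIF filter for ldapsearch output (added example, not the post's alias).
# Assumes POSIX sh plus `base64 -d`, `tr` and `wc` (GNU coreutils or similar).

# Print one complete (already unfolded) LDIF line, decoding "attr:: <base64>".
_un64_emit() {
    attr=${1%%:*}                # text before the first colon
    rest=${1#"$attr"}            # ":: <base64>" for encoded values
    case $rest in
        ::*) ;;                  # base64 marker right after the attribute name
        *) printf '%s\n' "$1"; return 0 ;;
    esac
    b64=${rest#::}
    b64=${b64#"${b64%%[! ]*}"}   # LDIF allows any number of spaces after "::"
    # Not valid base64: pass the line through untouched.
    if ! printf '%s' "$b64" | base64 -d >/dev/null 2>&1; then
        printf '%s\n' "$1"; return 0
    fi
    # Count control bytes (NUL, ESC, newline, ...) in the decoded value.
    ctl=$(( $(printf '%s' "$b64" | base64 -d | LC_ALL=C tr -cd '\000-\037\177' | wc -c) ))
    if [ "$ctl" -ne 0 ]; then
        printf '%s\n' "$1"       # binary or terminal-unsafe: keep it encoded
    else
        printf '%s:: "%s"\n' "$attr" "$(printf '%s' "$b64" | base64 -d)"
    fi
}

un64() {
    cur='' have=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in            # a leading space marks a folded continuation
            ' '*) if [ "$have" -eq 1 ]; then cur=$cur${line# }; continue; fi ;;
        esac
        if [ "$have" -eq 1 ]; then _un64_emit "$cur"; fi
        cur=$line have=1
    done
    if [ "$have" -eq 1 ]; then _un64_emit "$cur"; fi
}
```

Use it like the alias: `ldapsearch ... | un64`. Values whose decoded form contains control bytes stay base64 encoded, which keeps JPEG data and escape sequences stored in a directory out of the terminal.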